There is also another opportunity: to use a standard encryption (javax.crypto.spec.DESKeySpec for example) to encode only some critical fields in SQLlite table and leave the tables, indexes and other non-critical fields open. In this case the critical fields should be encoded and stored as blobs which should be decoded after reading. Of course there are several issues to address (keys management, reverse engineering) but overall it seems to be less complicated than building your own SQL DB engine (SQLCipher) in native code.
On Dec 20, 10:47 am, DanH <danhi...@ieee.org> wrote: > Yeah, that's basically it. Once you open the DB and set the key the > DB behaves just like any other SQLite DB. No extra steps are required > beyond setting the key. (Well, except for the minor detail of > customizing, compiling. building, installing, and debugging your > SQLCipher port.) > > On Dec 20, 3:52 am, Marco Oreste Migliori <mo.migli...@gmail.com> > wrote: > > > > > > > > > Thx guys, > > > I got SQLCipehr but I'm wondering if to add a key it's enough! > > I mean, let's say I have to create a new encrypted db, the following would > > be the steps needed using SQLCipher & NDK: > > > 1. Compiling and configuring SQLCipher to add it in my code using NDK. > > > 2. *Create the db using the standard SQLite fuctions.* > > > 3. Add a key using the SQLCipher functions. > > > Now let's suppose I need to read the db created and encrypted before, I > > should do the following actions: > > > 1. Open the db using the standard SQLite opening function. > > 2. *Use the SQLCipher key function to get access* > > 3. Perform the reading > > 4. Close the db using the standard SQLite closing function. > > > What I want to say is: is it enough to use the SQLCipher key function just > > in those steps? (I mean the underlined ones) > > > Maybe I did not understand the right way to use SQLCipher. > > > Thanks in advance, > > > Marco. > > > On Sun, Dec 19, 2010 at 5:18 AM, DanH <danhi...@ieee.org> wrote: > > > The problem with SQLCipher, of course, is that you need to compile the > > > whole C SQLite implementation and embed it in the phone as native > > > code. Doable, but not for the faint of heart. > > > > But it is certainly the most secure and complete approach to data > > > encryption on a phone. > > > > On Dec 18, 8:10 pm, gjs <garyjamessi...@gmail.com> wrote: > > > > Hi, > > > > >http://sqlcipher.net/ > > > > > Regards > > > > > On Dec 18, 3:12 am, Marco Oreste Migliori <mo.migli...@gmail.com> > > > > wrote: > > > > > > Hi guys, > > > > > > I'm new in Android world, I'm developing an application which needs > > > > > sensitive data stored in a SQLite db. > > > > > I need to encrypt data but using SQLite that is not possible. > > > > > > Is there anyone able to help me? > > > > > > Marco > > > > > > -- > > > > -- > > > You received this message because you are subscribed to the Google > > > Groups "Android Developers" group. > > > To post to this group, send email to android-developers@googlegroups.com > > > To unsubscribe from this group, send email to > > > android-developers+unsubscr...@googlegroups.com<android-developers%2Bunsubs > > > cr...@googlegroups.com> > > > For more options, visit this group at > > >http://groups.google.com/group/android-developers?hl=en > > > -- -- You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
